iMIS Power Suite - Outlook Integration

iMIS Outlook Integration Security

The iMIS Outlook Integration uses a secure authentication model to connect Outlook users to iMIS through a cloud-based service.

Authentication ensures the following:

  • Only authorized users can access iMIS data
  • All actions respect iMIS security roles and permissions
  • Email data is securely transmitted between systems

The integration leverages modern authentication standards, including Single Sign-On (SSO) and token-based authentication.

Understanding the authentication flow

When a user interacts with the Outlook Integration, authentication occurs across multiple layers:

Authentication flow

  1. Outlook Add-in
    • The user interacts with the add-in inside Outlook
  2. Cloud service
    • The add-in communicates with the iMIS cloud integration service
  3. iMIS authentication
    • The service validates the user against iMIS using configured authentication (SSO, OpenID Connect, or credentials)
  4. Authorized access
    • Once authenticated, the user can:
      • Search contacts
      • Save emails and attachments
      • Create activities or interactions

This layered approach ensures that credentials are never directly exposed between systems and that all access is centrally controlled.

Authentication methods

Depending on your organization’s configuration, authentication may include:

  • Single Sign-On (SSO) using OpenID Connect
  • Identity provider authentication (for example, Microsoft Entra ID)
  • Multi-factor authentication (MFA) enforced by your identity provider

These methods allow organizations to align the Outlook Integration with existing security policies.

Understanding token-based authentication

The Outlook Integration uses authentication tokens rather than storing user credentials directly.

How tokens are used

  1. When logging into iMIS Outlook Integration for the first time, a token is created behind the scenes. This token will be encrypted and will be valid for 24 hours. This enables quick access to iMIS Outlook Integration as the user accesses emails within Outlook.
  2. The token is used to authenticate subsequent requests.
  3. After the 24-hour period (when the token expires), iMIS Outlook Integration will automatically log a user in with the credentials the user used. This will take slightly longer (between 5 to 8 seconds) and will create another 24-hour token.

In the event that a user's access to iMIS Outlook Integration must be revoked immediately, purge the iMIS system cache.

Token storage

  • Tokens are not stored as plain-text credentials
  • Tokens are stored securely within the session context of the add-in or browser
  • Tokens may persist temporarily to support seamless user sessions
  • Long-term credential storage is handled by the identity provider (not the integration)

This approach reduces security risk by avoiding repeated transmission of usernames and passwords.

Email data and storage considerations

When emails are saved to iMIS:

  • The following data may be stored:
    • Email subject and body
    • Recipients
    • Attachments (if enabled)
  • Data is stored as:
    • Activities or interactions
  • Access is controlled by:
    • iMIS user roles
    • Security permissions

Important! Only users with appropriate permissions can view or interact with saved email data.

Disabling access

Do the following to disable access to the Outlook Integration:

  1. Disable the user account in iMIS. Alternatively, change the password.
  2. Purge the iMIS cache.

IQA queries

IQA queries will follow the same permissions that are set in iMIS, so iMIS Outlook Integration users will only be able to see and use queries they can access through iMIS. Therefore, if the user is not able to see an IQA query or its folder in iMIS, they will not be able to see the IQA query or folder in iMIS Outlook Integration.